TY - GEN
T1 - GuardION
T2 - 15th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2018
AU - van der Veen, Victor
AU - Lindorfer, Martina
AU - Fratantonio, Yanick
AU - Padmanabha Pillai, Harikrishnan
AU - Vigna, Giovanni
AU - Kruegel, Christopher
AU - Bos, Herbert
AU - Razavi, Kaveh
PY - 2018
Y1 - 2018
AB - Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector. Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability. Since hardware-level mitigations cannot be backported, a search for software defenses is pressing. Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping all attacks: we present RAMpage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses. To mitigate Rowhammer exploitation on ARM, we propose GuardION, a lightweight defense that prevents DMA-based attacks—the main attack vector on mobile devices—by isolating DMA buffers with guard rows. We evaluate GuardION on 22 benchmark apps and show that it has a negligible memory overhead (2.2 MB on average). We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks.
UR - http://www.scopus.com/inward/record.url?scp=85049324896&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85049324896&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-93411-2_5
DO - 10.1007/978-3-319-93411-2_5
M3 - Conference contribution
AN - SCOPUS:85049324896
SN - 9783319934105
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 92
EP - 113
BT - Detection of Intrusions and Malware, and Vulnerability Assessment - 15th International Conference, DIMVA 2018, Proceedings
PB - Springer/Verlag
Y2 - 28 June 2018 through 29 June 2018
ER -